IP Risk Score: 50 / 100

This IP presents a moderate risk and may be associated with automated activity. Moderate behavioral signals suggest possible automated probing or scanning. This assessment is backed by strong and consistent detection signals. The combined signals place this IP in a moderate risk category. Monitoring is recommended, with defensive action considered if activity continues.

Detect suspicious IPs early

What is this IP address?

IP Address: 138.204.25.97

Country: Brazil flag

Brazil (BR)

Region Name: Paraná (PR)

City: Curitiba

ISP: Ligga Telecomunicações S.A.

Organization: Ligga Telecomunicações S.A

Threat level: 50 / 100
Conf. level: 100 / 100

Properties

ASN: AS14868

AS Name: Ligga Telecomunicações S.A.

Timezone: America/Sao_Paulo

Reverse DNS: 97.25.204.138.rfc6598.dynamic.copelfibra.com.br

Status: Suspicious

Observed Client Profile

OS: Android (100%)
Device Type: Mobile (100%)
Browser Family: Chrome (100%)
Rendering Engine: Gecko (100%)

Behavioral Indicators

The IP shows signs of potential automated activity, including a botnet detection signal and lack of JavaScript support. The user-agent appears to be a mobile device, which can be easily spoofed. The behavior warrants further monitoring.

The supernet (138.204.0.0/16), which this IP belongs to, exhibits coordinated behavior with multiple IPs utilizing similar user agents and accessing the same site with low interaction, suggesting potential automated scraping or bot activity. The lack of matching forward DNS and RDNS records raises suspicion about the legitimacy of this traffic.

🕸️

Botnet Node

JavaScript Support

⚠️ No

User-Agent Samples

Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2314.1537 Mobile Safari/537.36

Integrate IPIntel into your system

IP Location

Region: Paraná, Brazil

City: Curitiba

Local time: 2026-06-23 11:34:55

Subnet
138.204.25.0/24
Supernet
138.204.0.0/16